Communities of practice, Computer security -- Simulation methods, Deterrence (Strategy)


Information security has become a major challenge for all private and public organizations. The protection of proprietary and secret data and the proper awareness of what is entailed in protecting this data are necessary in all organizations. This treatise examines how simulation and training would influence information security awareness over time in virtual communities of practice under a variety of security threats. The hypothesis of the study was that security-trained members of a virtual community of practice would respond significantly better to routine security processes and attempts to breach security or to violate the security policy of their organization or of their virtual community of practice. Deterrence theory was used as the grounded theory and integrated in the information security awareness training with simulated scenarios. The study provided training with simulated scenarios and then tested the users of a virtual community of practice over an approximately twelve-week period to see if the planned security awareness training with simulated security problem scenarios would be effective in improving their responses to the follow-up tests. The research subjects were divided into four groups, the experimental group and three control groups. The experimental group received all of the training and testing events throughout the twelve-week period. The three control groups received various portions of the training and testing. The data from all of the tests were analyzed using the Kruskal-Wallis iv ranked order test, and it was determined that there was no significant difference between the groups at the end of the data collection. Even though the null hypothesis, which stated that there would be no difference between the groups scores on the information security awareness tests, was not rejected, the groups that received the initial training with the simulated scenarios did perform slightly better from the pre-training test to the post-training test when compared with the control group that did not receive the initial training. More research is suggested to determine how information security awareness training with simulated scenarios and follow-up testing can be used to improve and sustain the security practices of members of virtual communities of practice. Specifically, additional research could include: comparing the effect of training with the simulated scenarios and with training that would not use the simulated security scenarios; the potential benefits of using adaptive and intelligent training to focus on the individual subjects’ weaknesses and strengths; the length of the training with simulated scenarios events, the time between each training event, and the overall length of the training; the demographics of the groups used in the training, and how different user characteristics impact the efficacy of the training with simulated scenarios and testing; and lastly examining how increasing the fidelity of the simulated scenarios might impact the results of the follow-up tests.


If this is your thesis or dissertation, and want to learn how to access it or for more information about readership statistics, contact us at

Graduation Date





Reilly, Charles


Doctor of Philosophy (Ph.D.)


College of Engineering and Computer Science

Degree Program

Modeling and Simulation








Length of Campus-only Access


Access Status

Doctoral Dissertation (Open Access)


Dissertations, Academic -- Engineering and Computer Science, Engineering and Computer Science -- Dissertations, Academic

Included in

Engineering Commons